XSS at file uploading in instantsoft/icms2

Valid

Reported on

Aug 14th 2023

Description

In menu Add page, there is a upload file function and xss payload can be injected there.

Detail:

1/ Access to the web demo and go to Add page menu.

2/ At upload file function, upload an file with filename is a payload xss.

3/ It will be triggered immediately.

Proof of Concept

Payload: "><img src=x onerror=alert(origin)>

Link video PoC: https://drive.google.com/file/d/1bgbbkTGhkKEYSVuQIyw58eKYjrW6pVc_/view?usp=sharing

Impact

Impact of Reflected XSS:

1/ The attacker can hijack user accounts.

2/ An attacker could steal credentials.

3/ An attacker could exfiltrate sensitive data.

4/ An attacker can steal cookies and Sessions.

We are processing your report and will contact the instantsoft/icms2 team within 24 hours. a month ago

We have contacted a member of the instantsoft/icms2 team and are waiting to hear back a month ago

Fuze validated this vulnerability a month ago

Chuu has been awarded the disclosure bounty

The fix bounty is now up for grabs

The researcher's credibility has increased: +7

Fuze marked this as fixed in 2.16.1 with commit a6a30e a month ago

Fuze has been awarded the fix bounty

This vulnerability has been assigned a CVE

This vulnerability is scheduled to go public on Aug 31st 2023

Fuze gave praise a month ago

Thank you!

The researcher's credibility has slightly increased as a result of the maintainer's thanks: +1

Chuu

commented a month ago

Researcher

Thank you too

Fuze published this vulnerability 22 days ago

to join this conversation